| // Copyright 2012 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/ash/settings/device_settings_provider.h" |
| |
| #include <memory> |
| #include <string> |
| #include <utility> |
| |
| #include "ash/constants/ash_features.h" |
| #include "base/functional/bind.h" |
| #include "base/test/metrics/histogram_tester.h" |
| #include "base/test/scoped_feature_list.h" |
| #include "base/test/scoped_path_override.h" |
| #include "base/values.h" |
| #include "chrome/browser/ash/ownership/owner_key_loader.h" |
| #include "chrome/browser/ash/policy/core/device_local_account.h" |
| #include "chrome/browser/ash/settings/device_settings_test_helper.h" |
| #include "chrome/common/chrome_paths.h" |
| #include "chrome/test/base/testing_browser_process.h" |
| #include "chrome/test/base/testing_profile.h" |
| #include "chromeos/ash/components/install_attributes/stub_install_attributes.h" |
| #include "chromeos/ash/components/policy/device_local_account/device_local_account_type.h" |
| #include "chromeos/ash/components/settings/cros_settings_names.h" |
| #include "components/policy/core/common/cloud/test/policy_builder.h" |
| #include "components/policy/proto/chrome_device_policy.pb.h" |
| #include "components/policy/proto/device_management_backend.pb.h" |
| #include "components/prefs/testing_pref_service.h" |
| #include "testing/gmock/include/gmock/gmock.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace em = enterprise_management; |
| |
| namespace ash { |
| |
| using ::testing::_; |
| using ::testing::AnyNumber; |
| using ::testing::AtLeast; |
| using ::testing::Mock; |
| |
| namespace { |
| |
| const char kDisabledMessage[] = "This device has been disabled."; |
| |
| constexpr char kDeviceLocalAccountKioskAccountId[] = "kiosk_account_id"; |
| |
| } // namespace |
| |
| class DeviceSettingsProviderTest : public DeviceSettingsTestBase { |
| public: |
| DeviceSettingsProviderTest(const DeviceSettingsProviderTest&) = delete; |
| DeviceSettingsProviderTest& operator=(const DeviceSettingsProviderTest&) = |
| delete; |
| |
| MOCK_METHOD1(SettingChanged, void(const std::string&)); |
| MOCK_METHOD0(GetTrustedCallback, void(void)); |
| |
| protected: |
| DeviceSettingsProviderTest() |
| : user_data_dir_override_(chrome::DIR_USER_DATA) {} |
| |
| void SetUp() override { |
| DeviceSettingsTestBase::SetUp(); |
| |
| // Disable owner key migration. |
| feature_list_.InitWithFeatures( |
| /*enabled_features=*/{kStoreOwnerKeyInPrivateSlot}, |
| /*disabled_features=*/{kMigrateOwnerKeyToPrivateSlot}); |
| |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AnyNumber()); |
| provider_ = std::make_unique<DeviceSettingsProvider>( |
| base::BindRepeating(&DeviceSettingsProviderTest::SettingChanged, |
| base::Unretained(this)), |
| device_settings_service_.get(), |
| TestingBrowserProcess::GetGlobal()->local_state()); |
| Mock::VerifyAndClearExpectations(this); |
| } |
| |
| void TearDown() override { |
| provider_.reset(); |
| DeviceSettingsTestBase::TearDown(); |
| } |
| |
| void BuildAndInstallDevicePolicy() { |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AtLeast(1)); |
| device_policy_->Build(); |
| session_manager_client_.set_device_policy(device_policy_->GetBlob()); |
| ReloadDeviceSettings(); |
| Mock::VerifyAndClearExpectations(this); |
| } |
| |
| // Helper routine to enable/disable all reporting settings in policy. |
| void SetReportingSettings(bool enable_reporting, int frequency) { |
| em::DeviceReportingProto* proto = |
| device_policy_->payload().mutable_device_reporting(); |
| proto->set_report_version_info(enable_reporting); |
| proto->set_report_activity_times(enable_reporting); |
| proto->set_report_audio_status(enable_reporting); |
| proto->set_report_boot_mode(enable_reporting); |
| proto->set_report_location(enable_reporting); |
| proto->set_report_network_configuration(enable_reporting); |
| proto->set_report_network_status(enable_reporting); |
| proto->set_report_users(enable_reporting); |
| proto->set_report_session_status(enable_reporting); |
| proto->set_report_graphics_status(enable_reporting); |
| proto->set_report_crash_report_info(enable_reporting); |
| proto->set_report_os_update_status(enable_reporting); |
| proto->set_report_running_kiosk_app(enable_reporting); |
| proto->set_report_peripherals(enable_reporting); |
| proto->set_report_power_status(enable_reporting); |
| proto->set_report_security_status(enable_reporting); |
| proto->set_report_storage_status(enable_reporting); |
| proto->set_report_board_status(enable_reporting); |
| proto->set_report_app_info(enable_reporting); |
| proto->set_report_print_jobs(enable_reporting); |
| proto->set_report_login_logout(enable_reporting); |
| proto->set_report_crd_sessions(enable_reporting); |
| proto->set_report_runtime_counters(enable_reporting); |
| proto->set_device_activity_heartbeat_enabled(enable_reporting); |
| proto->set_report_network_events(enable_reporting); |
| proto->set_report_network_telemetry_collection_rate_ms(frequency); |
| proto->set_report_network_telemetry_event_checking_rate_ms(frequency); |
| proto->set_device_status_frequency(frequency); |
| proto->set_report_device_audio_status_checking_rate_ms(frequency); |
| proto->set_device_report_runtime_counters_checking_rate_ms(frequency); |
| proto->set_device_activity_heartbeat_collection_rate_ms(frequency); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to enable/disable all reporting settings in policy. |
| void SetHeartbeatSettings(bool enable_heartbeat, int frequency) { |
| em::DeviceHeartbeatSettingsProto* proto = |
| device_policy_->payload().mutable_device_heartbeat_settings(); |
| proto->set_heartbeat_enabled(enable_heartbeat); |
| proto->set_heartbeat_frequency(frequency); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to enable/disable log upload settings in policy. |
| void SetLogUploadSettings(bool enable_system_log_upload) { |
| em::DeviceLogUploadSettingsProto* proto = |
| device_policy_->payload().mutable_device_log_upload_settings(); |
| proto->set_system_log_upload_enabled(enable_system_log_upload); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to set device wallpaper setting in policy. |
| void SetWallpaperSettings(const std::string& wallpaper_settings) { |
| em::DeviceWallpaperImageProto* proto = |
| device_policy_->payload().mutable_device_wallpaper_image(); |
| proto->set_device_wallpaper_image(wallpaper_settings); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| enum MetricsOption { DISABLE_METRICS, ENABLE_METRICS, REMOVE_METRICS_POLICY }; |
| |
| // Helper routine to enable/disable metrics report upload settings in policy. |
| void SetMetricsReportingSettings(MetricsOption option) { |
| if (option == REMOVE_METRICS_POLICY) { |
| // Remove policy altogether |
| device_policy_->payload().clear_metrics_enabled(); |
| } else { |
| // Enable or disable policy |
| em::MetricsEnabledProto* proto = |
| device_policy_->payload().mutable_metrics_enabled(); |
| proto->set_metrics_enabled(option == ENABLE_METRICS); |
| } |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to ensure all heartbeat policies have been correctly |
| // decoded. |
| void VerifyHeartbeatSettings(bool expected_enable_state, |
| int expected_frequency) { |
| const base::Value expected_enabled_value(expected_enable_state); |
| EXPECT_EQ(expected_enabled_value, *provider_->Get(kHeartbeatEnabled)); |
| |
| const base::Value expected_frequency_value(expected_frequency); |
| EXPECT_EQ(expected_frequency_value, *provider_->Get(kHeartbeatFrequency)); |
| } |
| |
| // Helper routine to ensure all reporting policies have been correctly |
| // decoded. |
| void VerifyReportingSettings(bool expected_enable_state, |
| int expected_frequency) { |
| const char* reporting_settings[] = { |
| kDeviceReportRuntimeCounters, kReportDeviceVersionInfo, |
| kReportDeviceActivityTimes, kReportDeviceAudioStatus, |
| kReportDeviceBoardStatus, kReportDeviceBootMode, |
| // Device location reporting is not currently supported. |
| // kReportDeviceLocation, |
| kReportDeviceNetworkConfiguration, kReportDeviceNetworkStatus, |
| kReportDeviceUsers, kReportDevicePeripherals, kReportDevicePowerStatus, |
| kReportDeviceStorageStatus, kReportDeviceSessionStatus, |
| kReportDeviceSecurityStatus, kReportDeviceGraphicsStatus, |
| kReportDeviceCrashReportInfo, kReportDeviceAppInfo, |
| kReportDevicePrintJobs, kReportDeviceLoginLogout, kReportOsUpdateStatus, |
| kReportRunningKioskApp, kDeviceActivityHeartbeatEnabled, |
| kDeviceReportNetworkEvents}; |
| |
| const base::Value expected_enable_value(expected_enable_state); |
| for (auto* setting : reporting_settings) { |
| EXPECT_EQ(expected_enable_value, *provider_->Get(setting)) |
| << "Value for " << setting << " does not match expected"; |
| } |
| |
| const char* const reporting_frequency_settings[] = { |
| kReportUploadFrequency, |
| kReportDeviceNetworkTelemetryCollectionRateMs, |
| kReportDeviceNetworkTelemetryEventCheckingRateMs, |
| kReportDeviceAudioStatusCheckingRateMs, |
| kDeviceReportRuntimeCountersCheckingRateMs, |
| kDeviceActivityHeartbeatCollectionRateMs}; |
| const base::Value expected_frequency_value(expected_frequency); |
| for (auto* frequency_setting : reporting_frequency_settings) { |
| EXPECT_EQ(expected_frequency_value, *provider_->Get(frequency_setting)) |
| << "Value for " << frequency_setting << " does not match expected"; |
| } |
| } |
| |
| // Helper routine to ensure log upload policy has been correctly |
| // decoded. |
| void VerifyLogUploadSettings(bool expected_enable_state) { |
| const base::Value expected_enabled_value(expected_enable_state); |
| EXPECT_EQ(expected_enabled_value, *provider_->Get(kSystemLogUploadEnabled)); |
| } |
| |
| void VerifyPolicyValue(const char* policy_key, |
| const base::Value* ptr_to_expected_value) { |
| // The pointer might be null, so check before dereferencing. |
| const base::Value* value = provider_->Get(policy_key); |
| if (ptr_to_expected_value) { |
| // This prevents tests from crashing if provider returns nullptr. |
| ASSERT_TRUE(value); |
| EXPECT_EQ(*ptr_to_expected_value, *value); |
| } else { |
| EXPECT_EQ(nullptr, value); |
| } |
| } |
| |
| void VerifyPolicyList(const char* policy_key, |
| const base::Value::List& expected_value) { |
| const base::Value* value = provider_->Get(policy_key); |
| // This prevents tests from crashing if provider returns nullptr. |
| ASSERT_TRUE(value); |
| EXPECT_TRUE(value->is_list()); |
| EXPECT_EQ(expected_value, provider_->Get(policy_key)->GetList()); |
| } |
| |
| // Helper routine to set LoginScreenDomainAutoComplete policy. |
| void SetDomainAutoComplete(const std::string& domain) { |
| em::LoginScreenDomainAutoCompleteProto* proto = |
| device_policy_->payload().mutable_login_screen_domain_auto_complete(); |
| proto->set_login_screen_domain_auto_complete(domain); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to check value of the LoginScreenDomainAutoComplete policy. |
| void VerifyDomainAutoComplete(const base::Value* ptr_to_expected_value) { |
| VerifyPolicyValue(kAccountsPrefLoginScreenDomainAutoComplete, |
| ptr_to_expected_value); |
| } |
| |
| // Helper routine to set AutoUpdates connection types policy. |
| void SetAutoUpdateConnectionTypes( |
| const std::vector<em::AutoUpdateSettingsProto::ConnectionType>& values) { |
| em::AutoUpdateSettingsProto* proto = |
| device_policy_->payload().mutable_auto_update_settings(); |
| proto->set_update_disabled(false); |
| for (auto const& value : values) { |
| proto->add_allowed_connection_types(value); |
| } |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper to set the content protection policy |
| void SetContentProtection(bool content_protection) { |
| em::AttestationSettingsProto* proto = |
| device_policy_->payload().mutable_attestation_settings(); |
| proto->set_content_protection_enabled(content_protection); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to set HostnameTemplate policy. |
| void SetHostnameTemplate(const std::string& hostname_template) { |
| em::NetworkHostnameProto* proto = |
| device_policy_->payload().mutable_network_hostname(); |
| proto->set_device_hostname_template(hostname_template); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine that sets the device DeviceAutoUpdateTimeRestrictions policy |
| void SetDeviceAutoUpdateTimeRestrictions(const std::string& json_string) { |
| em::AutoUpdateSettingsProto* proto = |
| device_policy_->payload().mutable_auto_update_settings(); |
| proto->set_disallowed_time_intervals(json_string); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine that sets the device DeviceScheduledUpdateCheck policy |
| void SetDeviceScheduledUpdateCheck(const std::string& json_string) { |
| em::DeviceScheduledUpdateCheckProto* proto = |
| device_policy_->payload().mutable_device_scheduled_update_check(); |
| proto->set_device_scheduled_update_check_settings(json_string); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetPluginVmAllowedSetting(bool plugin_vm_allowed) { |
| em::PluginVmAllowedProto* proto = |
| device_policy_->payload().mutable_plugin_vm_allowed(); |
| proto->set_plugin_vm_allowed(plugin_vm_allowed); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetDeviceRebootOnUserSignout( |
| em::DeviceRebootOnUserSignoutProto::RebootOnSignoutMode value) { |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AtLeast(1)); |
| em::DeviceRebootOnUserSignoutProto* proto = |
| device_policy_->payload().mutable_device_reboot_on_user_signout(); |
| proto->set_reboot_on_signout_mode(value); |
| device_policy_->Build(); |
| session_manager_client_.set_device_policy(device_policy_->GetBlob()); |
| ReloadDeviceSettings(); |
| Mock::VerifyAndClearExpectations(this); |
| } |
| |
| void SetDeviceDockMacAddressSourceSetting( |
| em::DeviceDockMacAddressSourceProto::Source |
| device_dock_mac_address_source) { |
| em::DeviceDockMacAddressSourceProto* proto = |
| device_policy_->payload().mutable_device_dock_mac_address_source(); |
| proto->set_source(device_dock_mac_address_source); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetDeviceSecondFactorAuthenticationModeSetting( |
| em::DeviceSecondFactorAuthenticationProto::U2fMode mode) { |
| em::DeviceSecondFactorAuthenticationProto* proto = |
| device_policy_->payload().mutable_device_second_factor_authentication(); |
| proto->set_mode(mode); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetDevicePowerwashAllowed(bool device_powerwash_allowed) { |
| em::DevicePowerwashAllowedProto* proto = |
| device_policy_->payload().mutable_device_powerwash_allowed(); |
| proto->set_device_powerwash_allowed(device_powerwash_allowed); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine to set DeviceLoginScreenSystemInfoEnforced policy. |
| void SetSystemInfoEnforced(bool enabled) { |
| em::BooleanPolicyProto* proto = |
| device_policy_->payload() |
| .mutable_device_login_screen_system_info_enforced(); |
| proto->set_value(enabled); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetShowNumericKeyboardForPassword(bool show_numeric_keyboard) { |
| em::BooleanPolicyProto* proto = |
| device_policy_->payload() |
| .mutable_device_show_numeric_keyboard_for_password(); |
| proto->set_value(show_numeric_keyboard); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetDevicePrinterAccessMode( |
| em::DevicePrintersAccessModeProto::AccessMode access_mode) { |
| em::DevicePrintersAccessModeProto* proto = |
| device_policy_->payload().mutable_device_printers_access_mode(); |
| proto->set_access_mode(access_mode); |
| } |
| |
| void SetDevicePrintersBlocklist(std::vector<std::string>& values) { |
| em::DevicePrintersBlocklistProto* proto = |
| device_policy_->payload().mutable_device_printers_blocklist(); |
| for (auto const& value : values) { |
| proto->add_blocklist(value); |
| } |
| } |
| |
| void SetDevicePrintersAllowlist(std::vector<std::string>& values) { |
| em::DevicePrintersAllowlistProto* proto = |
| device_policy_->payload().mutable_device_printers_allowlist(); |
| for (auto const& value : values) { |
| proto->add_allowlist(value); |
| } |
| } |
| |
| // Helper routine that sets the DeviceScheduledReboot policy. |
| void SetDeviceScheduledReboot(const std::string& json_string) { |
| em::DeviceScheduledRebootProto* proto = |
| device_policy_->payload().mutable_device_scheduled_reboot(); |
| proto->set_device_scheduled_reboot_settings(json_string); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void VerifyDevicePrinterList(const char* policy_key, |
| std::vector<std::string>& values) { |
| base::Value::List list; |
| for (auto const& value : values) { |
| list.Append(value); |
| } |
| |
| base::Value expected_value(std::move(list)); |
| VerifyPolicyValue(policy_key, &expected_value); |
| } |
| |
| // Helper routine clear the ShowLowDiskSpaceNotification policy. |
| void ClearDeviceShowLowDiskSpaceNotification() { |
| device_policy_->payload().clear_device_show_low_disk_space_notification(); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| // Helper routine set the ShowLowDiskSpaceNotification policy. |
| void SetDeviceShowLowDiskSpaceNotification(bool show) { |
| em::DeviceShowLowDiskSpaceNotificationProto* proto = |
| device_policy_->payload() |
| .mutable_device_show_low_disk_space_notification(); |
| proto->set_device_show_low_disk_space_notification(show); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void SetDeviceFamilyLinkAccountsAllowed(bool allow) { |
| em::DeviceFamilyLinkAccountsAllowedProto* proto = |
| device_policy_->payload().mutable_family_link_accounts_allowed(); |
| proto->set_family_link_accounts_allowed(allow); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void AddUserToAllowlist(const std::string& user_id) { |
| auto& proto = device_policy_->payload(); |
| proto.mutable_user_allowlist()->add_user_allowlist(user_id); |
| proto.mutable_allow_new_users()->set_allow_new_users(true); |
| BuildAndInstallDevicePolicy(); |
| } |
| |
| void VerifyDeviceShowLowDiskSpaceNotification(bool expected) { |
| const base::Value expected_value(expected); |
| EXPECT_EQ(expected_value, |
| *provider_->Get(kDeviceShowLowDiskSpaceNotification)); |
| } |
| |
| base::test::ScopedFeatureList feature_list_; |
| |
| std::unique_ptr<DeviceSettingsProvider> provider_; |
| |
| base::ScopedPathOverride user_data_dir_override_; |
| }; |
| |
| // Same as above, but enrolled into an enterprise. |
| class DeviceSettingsProviderTestEnterprise : public DeviceSettingsProviderTest { |
| protected: |
| void SetUp() override { |
| DeviceSettingsProviderTest::SetUp(); |
| profile_->ScopedCrosSettingsTestHelper() |
| ->InstallAttributes() |
| ->SetCloudManaged(policy::PolicyBuilder::kFakeDomain, |
| policy::PolicyBuilder::kFakeDeviceId); |
| } |
| }; |
| |
| TEST_F(DeviceSettingsProviderTest, InitializationTest) { |
| // Have the service load a settings blob. |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AnyNumber()); |
| ReloadDeviceSettings(); |
| Mock::VerifyAndClearExpectations(this); |
| |
| // Verify that the policy blob has been correctly parsed and trusted. |
| // The trusted flag should be set before the call to PrepareTrustedValues. |
| base::OnceClosure closure = base::DoNothing(); |
| EXPECT_EQ(CrosSettingsProvider::TRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_TRUE(closure); // Ownership of |closure| was not taken. |
| const base::Value* value = provider_->Get(kStatsReportingPref); |
| ASSERT_TRUE(value); |
| ASSERT_TRUE(value->is_bool()); |
| EXPECT_FALSE(value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, InitializationTestUnowned) { |
| // Have the service check the key. |
| owner_key_util_->Clear(); |
| ReloadDeviceSettings(); |
| |
| // The trusted flag should be set before the call to PrepareTrustedValues. |
| base::OnceClosure closure = base::DoNothing(); |
| EXPECT_EQ(CrosSettingsProvider::TRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_TRUE(closure); // Ownership of |closure| was not taken. |
| const base::Value* value = provider_->Get(kReleaseChannel); |
| ASSERT_TRUE(value); |
| ASSERT_TRUE(value->is_string()); |
| EXPECT_TRUE(value->GetString().empty()); |
| |
| // Sets should succeed though and be readable from the cache. |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AnyNumber()); |
| EXPECT_CALL(*this, SettingChanged(kReleaseChannel)).Times(1); |
| base::Value new_value("stable-channel"); |
| provider_->DoSet(kReleaseChannel, new_value); |
| Mock::VerifyAndClearExpectations(this); |
| |
| // This shouldn't trigger a write. |
| session_manager_client_.set_device_policy(std::string()); |
| FlushDeviceSettings(); |
| EXPECT_EQ(std::string(), session_manager_client_.device_policy()); |
| |
| // Verify the change has been applied. |
| const base::Value* saved_value = provider_->Get(kReleaseChannel); |
| ASSERT_TRUE(saved_value); |
| ASSERT_TRUE(saved_value->is_string()); |
| ASSERT_EQ("stable-channel", saved_value->GetString()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTestEnterprise, NoPolicyDefaultsOn) { |
| // Missing policy should default to reporting enabled for enterprise-enrolled |
| // devices, see crbug/456186. |
| SetMetricsReportingSettings(REMOVE_METRICS_POLICY); |
| const base::Value* saved_value = provider_->Get(kStatsReportingPref); |
| ASSERT_TRUE(saved_value); |
| ASSERT_TRUE(saved_value->is_bool()); |
| EXPECT_TRUE(saved_value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, NoPolicyDefaultsOff) { |
| // Missing policy should default to reporting enabled for non-enterprise- |
| // enrolled devices, see crbug/456186. |
| SetMetricsReportingSettings(REMOVE_METRICS_POLICY); |
| const base::Value* saved_value = provider_->Get(kStatsReportingPref); |
| ASSERT_TRUE(saved_value); |
| ASSERT_TRUE(saved_value->is_bool()); |
| EXPECT_FALSE(saved_value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, SetPrefFailed) { |
| SetMetricsReportingSettings(DISABLE_METRICS); |
| |
| // If we are not the owner no sets should work. |
| base::Value value(true); |
| EXPECT_CALL(*this, SettingChanged(kStatsReportingPref)).Times(1); |
| provider_->DoSet(kStatsReportingPref, value); |
| Mock::VerifyAndClearExpectations(this); |
| |
| // This shouldn't trigger a write. |
| session_manager_client_.set_device_policy(std::string()); |
| FlushDeviceSettings(); |
| EXPECT_EQ(std::string(), session_manager_client_.device_policy()); |
| |
| // Verify the change has not been applied. |
| const base::Value* saved_value = provider_->Get(kStatsReportingPref); |
| ASSERT_TRUE(saved_value); |
| ASSERT_TRUE(saved_value->is_bool()); |
| EXPECT_FALSE(saved_value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, SetPrefSucceed) { |
| owner_key_util_->ImportPrivateKeyAndSetPublicKey( |
| *device_policy_->GetSigningKey()); |
| InitOwner(AccountId::FromUserEmail(device_policy_->policy_data().username()), |
| true); |
| FlushDeviceSettings(); |
| |
| base::Value value(true); |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AnyNumber()); |
| EXPECT_CALL(*this, SettingChanged(kStatsReportingPref)).Times(1); |
| provider_->DoSet(kStatsReportingPref, value); |
| Mock::VerifyAndClearExpectations(this); |
| |
| // Process the store. |
| session_manager_client_.set_device_policy(std::string()); |
| FlushDeviceSettings(); |
| |
| // Verify that the device policy has been adjusted. |
| ASSERT_TRUE(device_settings_service_->device_settings()); |
| EXPECT_TRUE(device_settings_service_->device_settings() |
| ->metrics_enabled() |
| .metrics_enabled()); |
| |
| // Verify the change has been applied. |
| const base::Value* saved_value = provider_->Get(kStatsReportingPref); |
| ASSERT_TRUE(saved_value); |
| ASSERT_TRUE(saved_value->is_bool()); |
| EXPECT_TRUE(saved_value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, SetPrefTwice) { |
| owner_key_util_->ImportPrivateKeyAndSetPublicKey( |
| *device_policy_->GetSigningKey()); |
| InitOwner(AccountId::FromUserEmail(device_policy_->policy_data().username()), |
| true); |
| FlushDeviceSettings(); |
| |
| EXPECT_CALL(*this, SettingChanged(_)).Times(AnyNumber()); |
| |
| base::Value value1("beta"); |
| provider_->DoSet(kReleaseChannel, value1); |
| base::Value value2("dev"); |
| provider_->DoSet(kReleaseChannel, value2); |
| |
| // Let the changes propagate through the system. |
| session_manager_client_.set_device_policy(std::string()); |
| FlushDeviceSettings(); |
| |
| // Verify the second change has been applied. |
| const base::Value* saved_value = provider_->Get(kReleaseChannel); |
| EXPECT_EQ(value2, *saved_value); |
| |
| Mock::VerifyAndClearExpectations(this); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, PolicyRetrievalFailedBadSignature) { |
| base::HistogramTester histogram_tester; |
| owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_->GetSigningKey()); |
| device_policy_->policy().set_policy_data_signature("bad signature"); |
| session_manager_client_.set_device_policy(device_policy_->GetBlob()); |
| ReloadDeviceSettings(); |
| |
| // Verify that the cached settings blob is not "trusted". |
| EXPECT_EQ(DeviceSettingsService::STORE_VALIDATION_ERROR, |
| device_settings_service_->status()); |
| base::OnceClosure closure = base::DoNothing(); |
| EXPECT_EQ(CrosSettingsProvider::PERMANENTLY_UNTRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_TRUE(closure); // Ownership of |closure| was not taken. |
| histogram_tester.ExpectUniqueSample( |
| "Enterprise.DeviceSettings.UpdatedStatus2", |
| DeviceSettingsService::STORE_VALIDATION_ERROR, /*amount=*/1); |
| histogram_tester.ExpectTotalCount( |
| "Enterprise.DeviceSettings.MissingPolicyMitigated", 0); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, PolicyRetrievalNoPolicy) { |
| base::HistogramTester histogram_tester; |
| owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_->GetSigningKey()); |
| session_manager_client_.set_device_policy(std::string()); |
| ReloadDeviceSettings(); |
| |
| // Verify that the cached settings blob is not "trusted". |
| EXPECT_EQ(DeviceSettingsService::STORE_NO_POLICY, |
| device_settings_service_->status()); |
| base::OnceClosure closure = base::DoNothing(); |
| EXPECT_EQ(CrosSettingsProvider::PERMANENTLY_UNTRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_TRUE(closure); // Ownership of |closure| was not taken. |
| histogram_tester.ExpectUniqueSample( |
| "Enterprise.DeviceSettings.UpdatedStatus2", |
| DeviceSettingsService::STORE_NO_POLICY, |
| /*amount=*/1); |
| histogram_tester.ExpectTotalCount( |
| "Enterprise.DeviceSettings.MissingPolicyMitigated", 0); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, PolicyRetrievalNoPolicyMitigated) { |
| base::HistogramTester histogram_tester; |
| profile_->ScopedCrosSettingsTestHelper() |
| ->InstallAttributes() |
| ->SetConsumerOwned(); |
| owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_->GetSigningKey()); |
| session_manager_client_.set_device_policy(std::string()); |
| ReloadDeviceSettings(); |
| |
| // Verify that the cached settings blob is not "trusted". |
| EXPECT_EQ(DeviceSettingsService::STORE_NO_POLICY, |
| device_settings_service_->status()); |
| base::OnceClosure closure = base::DoNothing(); |
| EXPECT_EQ(CrosSettingsProvider::TRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_TRUE(closure); // Ownership of |closure| was not taken. |
| histogram_tester.ExpectUniqueSample( |
| "Enterprise.DeviceSettings.UpdatedStatus2", |
| DeviceSettingsService::STORE_NO_POLICY, |
| /*amount=*/1); |
| histogram_tester.ExpectTotalCount( |
| "Enterprise.DeviceSettings.MissingPolicyMitigated", 1); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, PolicyFailedPermanentlyNotification) { |
| base::HistogramTester histogram_tester; |
| session_manager_client_.set_device_policy(std::string()); |
| |
| base::OnceClosure closure = base::BindOnce( |
| &DeviceSettingsProviderTest::GetTrustedCallback, base::Unretained(this)); |
| |
| EXPECT_CALL(*this, GetTrustedCallback()); |
| EXPECT_EQ(CrosSettingsProvider::TEMPORARILY_UNTRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_FALSE(closure); // Ownership of |closure| was taken. |
| |
| ReloadDeviceSettings(); |
| Mock::VerifyAndClearExpectations(this); |
| |
| closure = base::DoNothing(); |
| EXPECT_EQ(CrosSettingsProvider::PERMANENTLY_UNTRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_TRUE(closure); // Ownership of |closure| was not taken. |
| histogram_tester.ExpectUniqueSample( |
| "Enterprise.DeviceSettings.UpdatedStatus2", |
| DeviceSettingsService::STORE_NO_POLICY, |
| /*amount=*/1); |
| histogram_tester.ExpectTotalCount( |
| "Enterprise.DeviceSettings.MissingPolicyMitigated", 0); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, PolicyLoadNotification) { |
| base::HistogramTester histogram_tester; |
| EXPECT_CALL(*this, GetTrustedCallback()); |
| |
| base::OnceClosure closure = base::BindOnce( |
| &DeviceSettingsProviderTest::GetTrustedCallback, base::Unretained(this)); |
| EXPECT_EQ(CrosSettingsProvider::TEMPORARILY_UNTRUSTED, |
| provider_->PrepareTrustedValues(&closure)); |
| EXPECT_FALSE(closure); // Ownership of |closure| was taken. |
| |
| ReloadDeviceSettings(); |
| Mock::VerifyAndClearExpectations(this); |
| histogram_tester.ExpectUniqueSample( |
| "Enterprise.DeviceSettings.UpdatedStatus2", |
| DeviceSettingsService::STORE_SUCCESS, |
| /*amount=*/1); |
| histogram_tester.ExpectTotalCount( |
| "Enterprise.DeviceSettings.MissingPolicyMitigated", 0); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, LegacyDeviceLocalAccounts) { |
| em::DeviceLocalAccountInfoProto* account = |
| device_policy_->payload().mutable_device_local_accounts()->add_account(); |
| account->set_deprecated_public_session_id( |
| policy::PolicyBuilder::kFakeUsername); |
| BuildAndInstallDevicePolicy(); |
| |
| // On load, the deprecated spec should have been converted to the new format. |
| base::Value::List expected_accounts; |
| base::Value::Dict entry_dict; |
| entry_dict.Set(kAccountsPrefDeviceLocalAccountsKeyId, |
| policy::PolicyBuilder::kFakeUsername); |
| entry_dict.Set( |
| kAccountsPrefDeviceLocalAccountsKeyType, |
| static_cast<int>(policy::DeviceLocalAccountType::kPublicSession)); |
| expected_accounts.Append(std::move(entry_dict)); |
| const base::Value* actual_accounts = |
| provider_->Get(kAccountsPrefDeviceLocalAccounts); |
| EXPECT_EQ(expected_accounts, actual_accounts->GetList()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, |
| DeviceLocalAccountsWithoutEphemeralModeField) { |
| em::DeviceLocalAccountInfoProto* account = |
| device_policy_->payload().mutable_device_local_accounts()->add_account(); |
| account->set_account_id(kDeviceLocalAccountKioskAccountId); |
| account->set_type(em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_KIOSK_APP); |
| |
| BuildAndInstallDevicePolicy(); |
| |
| base::Value::List expected_accounts = base::Value::List().Append( |
| base::Value::Dict() |
| .Set(kAccountsPrefDeviceLocalAccountsKeyId, |
| kDeviceLocalAccountKioskAccountId) |
| .Set(kAccountsPrefDeviceLocalAccountsKeyType, |
| static_cast<int>(policy::DeviceLocalAccountType::kKioskApp)) |
| .Set(kAccountsPrefDeviceLocalAccountsKeyEphemeralMode, |
| static_cast<int>( |
| policy::DeviceLocalAccount::EphemeralMode::kUnset))); |
| |
| const base::Value* actual_accounts = |
| provider_->Get(kAccountsPrefDeviceLocalAccounts); |
| EXPECT_EQ(expected_accounts, actual_accounts->GetList()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceLocalAccountsWithEphemeralModeField) { |
| em::DeviceLocalAccountInfoProto* account = |
| device_policy_->payload().mutable_device_local_accounts()->add_account(); |
| account->set_account_id(kDeviceLocalAccountKioskAccountId); |
| account->set_type( |
| em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_WEB_KIOSK_APP); |
| account->set_ephemeral_mode( |
| em::DeviceLocalAccountInfoProto::EPHEMERAL_MODE_ENABLE); |
| |
| BuildAndInstallDevicePolicy(); |
| |
| base::Value::List expected_accounts = base::Value::List().Append( |
| base::Value::Dict() |
| .Set(kAccountsPrefDeviceLocalAccountsKeyId, |
| kDeviceLocalAccountKioskAccountId) |
| .Set(kAccountsPrefDeviceLocalAccountsKeyType, |
| static_cast<int>(policy::DeviceLocalAccountType::kWebKioskApp)) |
| .Set(kAccountsPrefDeviceLocalAccountsKeyEphemeralMode, |
| static_cast<int>( |
| policy::DeviceLocalAccount::EphemeralMode::kEnable))); |
| |
| const base::Value* actual_accounts = |
| provider_->Get(kAccountsPrefDeviceLocalAccounts); |
| EXPECT_EQ(expected_accounts, actual_accounts->GetList()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodeDeviceState) { |
| device_policy_->policy_data().mutable_device_state()->set_device_mode( |
| em::DeviceState::DEVICE_MODE_DISABLED); |
| device_policy_->policy_data() |
| .mutable_device_state() |
| ->mutable_disabled_state() |
| ->set_message(kDisabledMessage); |
| BuildAndInstallDevicePolicy(); |
| |
| // Verify that the device state has been decoded correctly. |
| EXPECT_TRUE(provider_->Get(kDeviceDisabled)); |
| const base::Value expected_disabled_message_value(kDisabledMessage); |
| EXPECT_EQ(expected_disabled_message_value, |
| *provider_->Get(kDeviceDisabledMessage)); |
| |
| // Verify that a change to the device state triggers a notification. |
| device_policy_->policy_data().mutable_device_state()->clear_device_mode(); |
| BuildAndInstallDevicePolicy(); |
| |
| // Verify that the updated state has been decoded correctly. |
| EXPECT_FALSE(provider_->Get(kDeviceDisabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodeReportingSettings) { |
| // Turn on all reporting and verify that the reporting settings have been |
| // decoded correctly. |
| constexpr int status_frequency = 500000000; |
| SetReportingSettings(true, status_frequency); |
| VerifyReportingSettings(true, status_frequency); |
| |
| // Turn off all reporting and verify that the settings are decoded |
| // correctly. |
| SetReportingSettings(false, status_frequency); |
| VerifyReportingSettings(false, status_frequency); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, |
| DecodeReportingSignalStrengthEventDrivenTelemetrySetting) { |
| em::DeviceReportingProto* proto = |
| device_policy_->payload().mutable_device_reporting(); |
| proto->mutable_report_signal_strength_event_driven_telemetry()->add_entries( |
| "https_latency"); |
| proto->mutable_report_signal_strength_event_driven_telemetry()->add_entries( |
| "network_telemetry"); |
| |
| BuildAndInstallDevicePolicy(); |
| |
| base::Value::List signal_strength_telemetry_list; |
| signal_strength_telemetry_list.Append("https_latency"); |
| signal_strength_telemetry_list.Append("network_telemetry"); |
| base::Value signal_strength_telemetry_list_value = |
| base::Value(std::move(signal_strength_telemetry_list)); |
| |
| VerifyPolicyValue(kReportDeviceSignalStrengthEventDrivenTelemetry, |
| &signal_strength_telemetry_list_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodeHeartbeatSettings) { |
| // Turn on heartbeats and verify that the heartbeat settings have been |
| // decoded correctly. |
| const int heartbeat_frequency = 50000; |
| SetHeartbeatSettings(true, heartbeat_frequency); |
| VerifyHeartbeatSettings(true, heartbeat_frequency); |
| |
| // Turn off all reporting and verify that the settings are decoded |
| // correctly. |
| SetHeartbeatSettings(false, heartbeat_frequency); |
| VerifyHeartbeatSettings(false, heartbeat_frequency); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodeDomainAutoComplete) { |
| // By default LoginScreenDomainAutoComplete policy should not be set. |
| VerifyDomainAutoComplete(nullptr); |
| |
| // Empty string means that the policy is not set. |
| SetDomainAutoComplete(""); |
| VerifyDomainAutoComplete(nullptr); |
| |
| // Check some meaningful value. Policy should be set. |
| const std::string domain = "domain.test"; |
| const base::Value domain_value(domain); |
| SetDomainAutoComplete(domain); |
| VerifyDomainAutoComplete(&domain_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, EmptyAllowedConnectionTypesForUpdate) { |
| // By default AllowedConnectionTypesForUpdate policy should not be set. |
| VerifyPolicyValue(kAllowedConnectionTypesForUpdate, nullptr); |
| |
| // In case of empty list policy should not be set. |
| const std::vector<em::AutoUpdateSettingsProto::ConnectionType> no_values = {}; |
| SetAutoUpdateConnectionTypes(no_values); |
| VerifyPolicyValue(kAllowedConnectionTypesForUpdate, nullptr); |
| |
| const std::vector<em::AutoUpdateSettingsProto::ConnectionType> single_value = |
| {em::AutoUpdateSettingsProto::CONNECTION_TYPE_ETHERNET}; |
| // Check some meaningful value. Policy should be set. |
| SetAutoUpdateConnectionTypes(single_value); |
| base::Value::List allowed_connections; |
| allowed_connections.Append(0); |
| VerifyPolicyList(kAllowedConnectionTypesForUpdate, allowed_connections); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodeHostnameTemplate) { |
| // By default DeviceHostnameTemplate policy should not be set. |
| VerifyPolicyValue(kDeviceHostnameTemplate, nullptr); |
| |
| // Empty string means that the policy is not set. |
| SetHostnameTemplate(""); |
| VerifyPolicyValue(kDeviceHostnameTemplate, nullptr); |
| |
| // Check some meaningful value. Policy should be set. |
| const std::string hostname_template = "chromebook-${ASSET_ID}"; |
| const base::Value template_value(hostname_template); |
| SetHostnameTemplate(hostname_template); |
| VerifyPolicyValue(kDeviceHostnameTemplate, &template_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodeLogUploadSettings) { |
| SetLogUploadSettings(true); |
| VerifyLogUploadSettings(true); |
| |
| SetLogUploadSettings(false); |
| VerifyLogUploadSettings(false); |
| } |
| |
| // Test invalid cases. |
| TEST_F(DeviceSettingsProviderTest, DeviceAutoUpdateTimeRestrictionsEmpty) { |
| // Policy should not be set by default |
| VerifyPolicyValue(kDeviceAutoUpdateTimeRestrictions, nullptr); |
| |
| // Empty string should not be considered valid |
| SetDeviceAutoUpdateTimeRestrictions(""); |
| VerifyPolicyValue(kDeviceAutoUpdateTimeRestrictions, nullptr); |
| } |
| |
| // JSON with required fields that have values out of bounds should be dropped. |
| TEST_F(DeviceSettingsProviderTest, |
| DeviceAutoUpdateTimeRestrictionsInvalidField) { |
| // JSON with an invalid field should be considered invalid. |
| const std::string invalid_field = |
| "[{\"start\": {\"day_of_week\": \"Monday\", \"hours\": 10, \"minutes\": " |
| "50}, \"end\": {\"day_of_week\": \"Wednesday\", \"hours\": 1, " |
| "\"minutes\": -20}}]"; |
| SetDeviceAutoUpdateTimeRestrictions(invalid_field); |
| VerifyPolicyValue(kDeviceAutoUpdateTimeRestrictions, nullptr); |
| } |
| |
| // Valid JSON with extra fields should be considered valid and saved with |
| // dropped extra fields. |
| TEST_F(DeviceSettingsProviderTest, DeviceAutoUpdateTimeRestrictionsExtra) { |
| const std::string extra_field = |
| "[{\"start\": {\"day_of_week\": \"Monday\", \"hours\": 10, \"minutes\": " |
| "50}, \"end\": {\"day_of_week\": \"Wednesday\", \"hours\": 1, " |
| "\"minutes\": 20, \"extra\": 50}}]"; |
| base::Value::List test_list; |
| base::Value::Dict interval; |
| interval.SetByDottedPath("start.day_of_week", "Monday"); |
| interval.SetByDottedPath("start.hours", 10); |
| interval.SetByDottedPath("start.minutes", 50); |
| interval.SetByDottedPath("end.day_of_week", "Wednesday"); |
| interval.SetByDottedPath("end.hours", 1); |
| interval.SetByDottedPath("end.minutes", 20); |
| test_list.Append(std::move(interval)); |
| SetDeviceAutoUpdateTimeRestrictions(extra_field); |
| VerifyPolicyList(kDeviceAutoUpdateTimeRestrictions, test_list); |
| } |
| |
| // Check valid JSON for DeviceScheduledUpdateCheck. |
| TEST_F(DeviceSettingsProviderTest, DeviceScheduledUpdateCheckTests) { |
| const std::string json_string = |
| "{\"update_check_time\": {\"hour\": 23, \"minute\": 35}, " |
| "\"frequency\": \"DAILY\", \"day_of_week\": \"MONDAY\", " |
| "\"day_of_month\": 15}"; |
| base::Value::Dict expected_dict; |
| expected_dict.SetByDottedPath("update_check_time.hour", 23); |
| expected_dict.SetByDottedPath("update_check_time.minute", 35); |
| expected_dict.Set("frequency", "DAILY"); |
| expected_dict.Set("day_of_week", "MONDAY"); |
| expected_dict.Set("day_of_month", 15); |
| base::Value expected_value(std::move(expected_dict)); |
| SetDeviceScheduledUpdateCheck(json_string); |
| VerifyPolicyValue(kDeviceScheduledUpdateCheck, &expected_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DecodePluginVmAllowedSetting) { |
| SetPluginVmAllowedSetting(true); |
| EXPECT_EQ(base::Value(true), *provider_->Get(kPluginVmAllowed)); |
| |
| SetPluginVmAllowedSetting(false); |
| EXPECT_EQ(base::Value(false), *provider_->Get(kPluginVmAllowed)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceRebootAfterUserSignout) { |
| using PolicyProto = em::DeviceRebootOnUserSignoutProto; |
| |
| VerifyPolicyValue(kDeviceRebootOnUserSignout, nullptr); |
| |
| { |
| SetDeviceRebootOnUserSignout(PolicyProto::NEVER); |
| base::Value expected_value(PolicyProto::NEVER); |
| VerifyPolicyValue(kDeviceRebootOnUserSignout, &expected_value); |
| } |
| |
| { |
| SetDeviceRebootOnUserSignout(PolicyProto::ARC_SESSION); |
| base::Value expected_value(PolicyProto::ARC_SESSION); |
| VerifyPolicyValue(kDeviceRebootOnUserSignout, &expected_value); |
| } |
| |
| { |
| SetDeviceRebootOnUserSignout(PolicyProto::ALWAYS); |
| base::Value expected_value(PolicyProto::ALWAYS); |
| VerifyPolicyValue(kDeviceRebootOnUserSignout, &expected_value); |
| } |
| |
| { |
| SetDeviceRebootOnUserSignout(PolicyProto::VM_STARTED_OR_ARC_SESSION); |
| base::Value expected_value(PolicyProto::VM_STARTED_OR_ARC_SESSION); |
| VerifyPolicyValue(kDeviceRebootOnUserSignout, &expected_value); |
| } |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceDockMacAddressSourceSetting) { |
| const base::Value default_value(3); |
| VerifyPolicyValue(kDeviceDockMacAddressSource, &default_value); |
| |
| SetDeviceDockMacAddressSourceSetting( |
| em::DeviceDockMacAddressSourceProto::DEVICE_DOCK_MAC_ADDRESS); |
| EXPECT_EQ(base::Value(1), *provider_->Get(kDeviceDockMacAddressSource)); |
| |
| SetDeviceDockMacAddressSourceSetting( |
| em::DeviceDockMacAddressSourceProto::DEVICE_NIC_MAC_ADDRESS); |
| EXPECT_EQ(base::Value(2), *provider_->Get(kDeviceDockMacAddressSource)); |
| |
| SetDeviceDockMacAddressSourceSetting( |
| em::DeviceDockMacAddressSourceProto::DOCK_NIC_MAC_ADDRESS); |
| EXPECT_EQ(base::Value(3), *provider_->Get(kDeviceDockMacAddressSource)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, |
| DeviceSecondFactorAuthenticationModeSetting) { |
| VerifyPolicyValue(kDeviceSecondFactorAuthenticationMode, nullptr); |
| |
| SetDeviceSecondFactorAuthenticationModeSetting( |
| em::DeviceSecondFactorAuthenticationProto::UNSET); |
| EXPECT_EQ(base::Value(0), |
| *provider_->Get(kDeviceSecondFactorAuthenticationMode)); |
| |
| SetDeviceSecondFactorAuthenticationModeSetting( |
| em::DeviceSecondFactorAuthenticationProto::DISABLED); |
| EXPECT_EQ(base::Value(1), |
| *provider_->Get(kDeviceSecondFactorAuthenticationMode)); |
| |
| SetDeviceSecondFactorAuthenticationModeSetting( |
| em::DeviceSecondFactorAuthenticationProto::U2F); |
| EXPECT_EQ(base::Value(2), |
| *provider_->Get(kDeviceSecondFactorAuthenticationMode)); |
| |
| SetDeviceSecondFactorAuthenticationModeSetting( |
| em::DeviceSecondFactorAuthenticationProto::U2F_EXTENDED); |
| EXPECT_EQ(base::Value(3), |
| *provider_->Get(kDeviceSecondFactorAuthenticationMode)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePowerwashAllowed) { |
| // Policy should be set to true by default. |
| base::Value default_value(true); |
| VerifyPolicyValue(kDevicePowerwashAllowed, &default_value); |
| |
| SetDevicePowerwashAllowed(true); |
| EXPECT_EQ(base::Value(true), *provider_->Get(kDevicePowerwashAllowed)); |
| |
| SetDevicePowerwashAllowed(false); |
| EXPECT_EQ(base::Value(false), *provider_->Get(kDevicePowerwashAllowed)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceLoginScreenSystemInfoEnforced) { |
| // Policy should not be set by default. |
| VerifyPolicyValue(kDeviceLoginScreenSystemInfoEnforced, nullptr); |
| |
| SetSystemInfoEnforced(true); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceLoginScreenSystemInfoEnforced)); |
| |
| SetSystemInfoEnforced(false); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kDeviceLoginScreenSystemInfoEnforced)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceShowNumericKeyboardForPassword) { |
| // Policy should not be set by default. |
| VerifyPolicyValue(kDeviceShowNumericKeyboardForPassword, nullptr); |
| |
| SetShowNumericKeyboardForPassword(true); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceShowNumericKeyboardForPassword)); |
| |
| SetShowNumericKeyboardForPassword(false); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kDeviceShowNumericKeyboardForPassword)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintersAccessMode_empty) { |
| // Policy should be ACCESS_MODE_ALL by default. |
| base::Value default_value(em::DevicePrintersAccessModeProto::ACCESS_MODE_ALL); |
| VerifyPolicyValue(kDevicePrintersAccessMode, &default_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintersAccessMode_allowlist) { |
| SetDevicePrinterAccessMode( |
| em::DevicePrintersAccessModeProto::ACCESS_MODE_ALLOWLIST); |
| BuildAndInstallDevicePolicy(); |
| base::Value expected_value( |
| em::DevicePrintersAccessModeProto::ACCESS_MODE_ALLOWLIST); |
| VerifyPolicyValue(kDevicePrintersAccessMode, &expected_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintersBlocklist_empty) { |
| // Policy should not be set by default |
| VerifyPolicyValue(kDevicePrintersBlocklist, nullptr); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintersBlocklist_blocklist) { |
| std::vector<std::string> values = {"foo", "bar"}; |
| |
| // If the blocklist only is set, use that. |
| SetDevicePrintersBlocklist(values); |
| BuildAndInstallDevicePolicy(); |
| VerifyDevicePrinterList(kDevicePrintersBlocklist, values); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintersAllowlist_empty) { |
| // Policy should not be set by default. |
| VerifyPolicyValue(kDevicePrintersAllowlist, nullptr); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintersAllowlist_allowlist) { |
| std::vector<std::string> values = {"foo", "bar"}; |
| |
| // If the allowlist only is set, use that. |
| SetDevicePrintersAllowlist(values); |
| BuildAndInstallDevicePolicy(); |
| VerifyDevicePrinterList(kDevicePrintersAllowlist, values); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, |
| DeviceShowLowDiskSpaceNotificationDefaultTrue) { |
| ClearDeviceShowLowDiskSpaceNotification(); |
| // Missing policy should default to showing the low disk space |
| // notification for consumer devices. |
| VerifyDeviceShowLowDiskSpaceNotification(true); |
| } |
| |
| TEST_F(DeviceSettingsProviderTestEnterprise, |
| DeviceShowLowDiskSpaceNotificationDefaultFalse) { |
| ClearDeviceShowLowDiskSpaceNotification(); |
| // Missing policy should default to suppressing the low disk space |
| // notification for enrolled devices by default. |
| VerifyDeviceShowLowDiskSpaceNotification(false); |
| } |
| |
| TEST_F(DeviceSettingsProviderTestEnterprise, |
| DeviceShowLowDiskSpaceNotification) { |
| // Showing the low disk space notification can be controlled by policy. |
| SetDeviceShowLowDiskSpaceNotification(true); |
| VerifyDeviceShowLowDiskSpaceNotification(true); |
| |
| SetDeviceShowLowDiskSpaceNotification(false); |
| VerifyDeviceShowLowDiskSpaceNotification(false); |
| } |
| |
| // Tests DeviceFamilyLinkAccountsAllowed policy with the feature disabled. |
| // The policy should have no effect. |
| TEST_F(DeviceSettingsProviderTest, DeviceFamilyLinkAccountsAllowedDisabled) { |
| base::test::ScopedFeatureList scoped_feature_list; |
| scoped_feature_list.InitAndDisableFeature( |
| features::kFamilyLinkOnSchoolDevice); |
| |
| base::Value default_value(false); |
| VerifyPolicyValue(kAccountsPrefFamilyLinkAccountsAllowed, &default_value); |
| |
| // Family Link allowed with allowlist set, but the feature is disabled. |
| SetDeviceFamilyLinkAccountsAllowed(true); |
| AddUserToAllowlist("*@managedchrome.com"); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kAccountsPrefFamilyLinkAccountsAllowed)); |
| } |
| |
| // Tests DeviceFamilyLinkAccountsAllowed policy with the feature enabled. |
| TEST_F(DeviceSettingsProviderTest, DeviceFamilyLinkAccountsAllowedEnabled) { |
| base::test::ScopedFeatureList scoped_feature_list; |
| scoped_feature_list.InitAndEnableFeature(features::kFamilyLinkOnSchoolDevice); |
| |
| base::Value default_value(false); |
| VerifyPolicyValue(kAccountsPrefFamilyLinkAccountsAllowed, &default_value); |
| |
| // Family Link allowed, but no allowlist set. |
| SetDeviceFamilyLinkAccountsAllowed(true); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kAccountsPrefFamilyLinkAccountsAllowed)); |
| |
| // Family Link allowed with allowlist set. |
| AddUserToAllowlist("*@managedchrome.com"); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kAccountsPrefFamilyLinkAccountsAllowed)); |
| |
| // Family Link disallowed with allowlist set. |
| SetDeviceFamilyLinkAccountsAllowed(false); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kAccountsPrefFamilyLinkAccountsAllowed)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, FeatureFlags) { |
| EXPECT_EQ(nullptr, provider_->Get(kFeatureFlags)); |
| |
| device_policy_->payload().mutable_feature_flags()->add_feature_flags("foo"); |
| BuildAndInstallDevicePolicy(); |
| |
| base::Value::List expected_feature_flags; |
| expected_feature_flags.Append("foo"); |
| EXPECT_EQ(expected_feature_flags, provider_->Get(kFeatureFlags)->GetList()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceAllowedBluetoothServices) { |
| em::DeviceAllowedBluetoothServicesProto* proto = |
| device_policy_->payload().mutable_device_allowed_bluetooth_services(); |
| proto->add_allowlist("0x1124"); |
| BuildAndInstallDevicePolicy(); |
| base::Value::List allowlist; |
| allowlist.Append("0x1124"); |
| EXPECT_EQ(allowlist, |
| provider_->Get(kDeviceAllowedBluetoothServices)->GetList()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceBluetoothJustWorksPairingEnabled) { |
| em::BooleanPolicyProto* proto = |
| device_policy_->payload() |
| .mutable_devicebluetoothjustworkspairingenabled(); |
| proto->set_value(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceBluetoothJustWorksPairingEnabled)); |
| } |
| |
| // Check valid JSON for DeviceScheduledReboot. |
| TEST_F(DeviceSettingsProviderTest, DeviceScheduledReboot) { |
| const std::string json_string = |
| "{\"reboot_time\": {\"hour\": 22, \"minute\": 30}, " |
| "\"frequency\": \"MONTHLY\", \"day_of_week\": \"MONDAY\", " |
| "\"day_of_month\": 15}"; |
| base::Value::Dict expected_dict; |
| expected_dict.SetByDottedPath("reboot_time.hour", 22); |
| expected_dict.SetByDottedPath("reboot_time.minute", 30); |
| expected_dict.Set("frequency", "MONTHLY"); |
| expected_dict.Set("day_of_week", "MONDAY"); |
| expected_dict.Set("day_of_month", 15); |
| base::Value expected_value(std::move(expected_dict)); |
| SetDeviceScheduledReboot(json_string); |
| VerifyPolicyValue(kDeviceScheduledReboot, &expected_value); |
| } |
| |
| // Checks that content_protection decodes correctly. |
| TEST_F(DeviceSettingsProviderTest, DecodeContentProtectionDefault) { |
| BuildAndInstallDevicePolicy(); |
| const base::Value* value = |
| provider_->Get(kAttestationForContentProtectionEnabled); |
| ASSERT_TRUE(value); |
| ASSERT_TRUE(value->is_bool()); |
| EXPECT_TRUE(value->GetBool()); |
| } |
| |
| // Checks that content_protection decodes correctly. |
| TEST_F(DeviceSettingsProviderTest, DecodeContentProtectionEnable) { |
| SetContentProtection(true); |
| const base::Value* value = |
| provider_->Get(kAttestationForContentProtectionEnabled); |
| ASSERT_TRUE(value); |
| ASSERT_TRUE(value->is_bool()); |
| EXPECT_TRUE(value->GetBool()); |
| } |
| |
| // Checks that content_protection decodes correctly. |
| TEST_F(DeviceSettingsProviderTest, DecodeContentProtectionDisable) { |
| SetContentProtection(false); |
| const base::Value* value = |
| provider_->Get(kAttestationForContentProtectionEnabled); |
| ASSERT_TRUE(value); |
| ASSERT_TRUE(value->is_bool()); |
| EXPECT_FALSE(value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceRestrictedManagedGuestSessionEnabled) { |
| device_policy_->payload() |
| .mutable_device_restricted_managed_guest_session_enabled() |
| ->set_enabled(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceRestrictedManagedGuestSessionEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, |
| DeviceRestrictedManagedGuestSessionDisabled) { |
| device_policy_->payload() |
| .mutable_device_restricted_managed_guest_session_enabled() |
| ->set_enabled(false); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kDeviceRestrictedManagedGuestSessionEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, KioskCRXManifestUpdateURLIgnoredEnabled) { |
| device_policy_->payload() |
| .mutable_kiosk_crx_manifest_update_url_ignored() |
| ->set_value(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kKioskCRXManifestUpdateURLIgnored)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, KioskCRXManifestUpdateURLIgnoredDisabled) { |
| device_policy_->payload() |
| .mutable_kiosk_crx_manifest_update_url_ignored() |
| ->set_value(false); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kKioskCRXManifestUpdateURLIgnored)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceEncryptedReportingPipelineEnabled) { |
| device_policy_->payload() |
| .mutable_device_encrypted_reporting_pipeline_enabled() |
| ->set_enabled(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceEncryptedReportingPipelineEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceEncryptedReportingPipelineDisabled) { |
| device_policy_->payload() |
| .mutable_device_encrypted_reporting_pipeline_enabled() |
| ->set_enabled(false); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(false), |
| *provider_->Get(kDeviceEncryptedReportingPipelineEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintingClientNameTemplateUnset) { |
| device_policy_->payload().clear_device_printing_client_name_template(); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_FALSE(provider_->Get(kDevicePrintingClientNameTemplate)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DevicePrintingClientNameTemplate) { |
| device_policy_->payload() |
| .mutable_device_printing_client_name_template() |
| ->set_value("chromebook-${DEVICE_ASSET_ID}"); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value("chromebook-${DEVICE_ASSET_ID}"), |
| *provider_->Get(kDevicePrintingClientNameTemplate)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceSystemAecEnabled) { |
| device_policy_->payload() |
| .mutable_device_system_aec_enabled() |
| ->set_device_system_aec_enabled(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), *provider_->Get(kDeviceSystemAecEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceSystemAecDisabled) { |
| device_policy_->payload() |
| .mutable_device_system_aec_enabled() |
| ->set_device_system_aec_enabled(false); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(false), *provider_->Get(kDeviceSystemAecEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceHindiInscriptLayoutEnabled) { |
| device_policy_->payload() |
| .mutable_device_hindi_inscript_layout_enabled() |
| ->set_enabled(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceHindiInscriptLayoutEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceUserInitiatedFirmwareUpdatesEnabled) { |
| em::BooleanPolicyProto* proto = |
| device_policy_->payload() |
| .mutable_deviceuserinitiatedfirmwareupdatesenabled(); |
| proto->set_value(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ(base::Value(true), |
| *provider_->Get(kDeviceUserInitiatedFirmwareUpdatesEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, |
| DeviceUserInitiatedFlexSystemFirmwareUpdatesEnabled) { |
| em::BooleanPolicyProto* proto = |
| device_policy_->payload() |
| .mutable_deviceuserinitiatedflexsystemfirmwareupdatesenabled(); |
| proto->set_value(true); |
| BuildAndInstallDevicePolicy(); |
| EXPECT_EQ( |
| base::Value(true), |
| *provider_->Get(kDeviceUserInitiatedFlexSystemFirmwareUpdatesEnabled)); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceDlcPredownloadListUnset) { |
| // Device setting must be unset if the policy is not set. |
| VerifyPolicyValue(kDeviceDlcPredownloadList, nullptr); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceDlcPredownloadListEmpty) { |
| // Device setting must be unset if there are no DLCs to pre download. |
| device_policy_->payload().clear_device_dlc_predownload_list(); |
| BuildAndInstallDevicePolicy(); |
| VerifyPolicyValue(kDeviceDlcPredownloadList, nullptr); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceDlcPredownloadListNonempty) { |
| device_policy_->payload() |
| .mutable_device_dlc_predownload_list() |
| ->mutable_value() |
| ->add_entries("scanner_drivers"); |
| |
| BuildAndInstallDevicePolicy(); |
| |
| VerifyPolicyList(kDeviceDlcPredownloadList, |
| base::Value::List().Append("sane-backends-pfu")); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceDlcPredownloadListInvalidDlc) { |
| device_policy_->payload() |
| .mutable_device_dlc_predownload_list() |
| ->mutable_value() |
| ->add_entries("scanner_drivers"); |
| device_policy_->payload() |
| .mutable_device_dlc_predownload_list() |
| ->mutable_value() |
| ->add_entries("invalid_dlc_name"); |
| |
| BuildAndInstallDevicePolicy(); |
| |
| // Device setting must contain only the valid DLCs that can be pre downloaded. |
| VerifyPolicyList(kDeviceDlcPredownloadList, |
| base::Value::List().Append("sane-backends-pfu")); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceDlcPredownloadListDuplicateDlc) { |
| device_policy_->payload() |
| .mutable_device_dlc_predownload_list() |
| ->mutable_value() |
| ->add_entries("scanner_drivers"); |
| device_policy_->payload() |
| .mutable_device_dlc_predownload_list() |
| ->mutable_value() |
| ->add_entries("scanner_drivers"); |
| |
| BuildAndInstallDevicePolicy(); |
| |
| // Device setting must not contain any duplicate values. |
| VerifyPolicyList(kDeviceDlcPredownloadList, |
| base::Value::List().Append("sane-backends-pfu")); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceExtendedAutoUpdateEnabledValueSet) { |
| device_policy_->payload() |
| .mutable_deviceextendedautoupdateenabled() |
| ->set_value(true); |
| BuildAndInstallDevicePolicy(); |
| |
| const base::Value* actual_value = |
| provider_->Get(kDeviceExtendedAutoUpdateEnabled); |
| |
| EXPECT_TRUE(actual_value->GetBool()); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceExtendedAutoUpdateEnabledValueUnset) { |
| device_policy_->payload().clear_deviceextendedautoupdateenabled(); |
| BuildAndInstallDevicePolicy(); |
| |
| const base::Value* actual_value = |
| provider_->Get(kDeviceExtendedAutoUpdateEnabled); |
| |
| EXPECT_FALSE(actual_value); |
| } |
| |
| TEST_F(DeviceSettingsProviderTest, DeviceExtensionsSystemLogEnabled) { |
| device_policy_->payload() |
| .mutable_deviceextensionssystemlogenabled() |
| ->set_value(true); |
| BuildAndInstallDevicePolicy(); |
| |
| const base::Value* actual_value = |
| provider_->Get(kDeviceExtensionsSystemLogEnabled); |
| |
| EXPECT_TRUE(actual_value->GetBool()); |
| } |
| |
| } // namespace ash |
